@chouf1 try uploading a picture. It doesn’t work. Where is the settings options on the BP drop down menu in the plug-in list? Not there! He is aware and was on my website testing it. It broke their plug-in and many others. And the other change only makes sense if you want an hour tacked onto your administrative duties. Do you get at least 50 slogs and spammers a day? Good luck clicking around trying to delete them in the minute it used to take. UGH! I don’t know why you insist upon arguing about that. Unless you have a vested interest. I just feel sorry for all the plug-in developers who are frantically trying to make their stuff work. And now my site is broken. I’m screwed. Tried downgrading. Sucked. Didn’t work.
@ewebber I wish I had waited. You are making a wise decision!
@DJPaul – well, people ought to know that if they are running plug-ins (any plug-ins including spam plug-ins) that most of their installed plug-ins are going to get killed. Including Welcome Pack. And I did comment on the WordPress site. Not happy. There is no way there was enough testing on this. On Buddypress side, things are working fine. It’s WordPress. All my major plug-ins… dead. Now I’m going to have to revert back to the previous versions. I really shouldn’t have hit the update button. But… you’d think that you should be safe to do so.
WP really irritates. I’m going to refrain from using foul language because everyone who commented was able to.
It’s broken lots of the plug-ins I was using. Welcome Pack – doesn’t work. BP Album + – doesn’t work, although I spoke with the plug-in developer and he is currently working on a fix. I don’t know who the Welcome Pack developer is so I don’t know if he is aware that it is broken. The BP Album + developer didn’t know that their plug-in wasn’t working. So maybe the other plug-in developers don’t know that their plug-ins don’t work either. Who knows?
Wouldn’t it be easier if all the plug-in developers, BuddyPress, and WordPress somehow got on the same page so that all updates could be easily streamlined so that we didn’t need to go through this every time? If the plug-in developers were able to test their plug-ins before the updates were integrated that could save EVERYONE lots of headaches. Is it possible for this simple streamlining of events to happen? Can’t there be a centralized place where things are actually tested first?
Not only did WP break certain plug-ins but they’ve also changed the way “users” and “sites” are listed in the dashboard. They are all alphabetical now. If anyone knows about spammers and how OFTEN we have to mark them as spam on the fly or delete them, they will know that an alphabetical listing is not efficient. This is an IDIOTIC change. Having users and sites listed as first joined or created and last joined or created was better as deleting spam took 1 minute. Now it takes an hour. You have to click through each page or copy and paste the spammers user name into search users in order to delete or edit or whatever.
And what’s up with “network admin” and who thought that was a good idea? What’s going on WordPress? I know this isn’t a Buddypress issue, but a cook is a better designer of a kitchen than an architect. Just sayin’. UGH.
@jordashtalon did it work for you?
SI CAPTCHA Anti-Spam by Mike Challis has worked well for me.
@modemlooper, thanks for your suggestion on different forms for different users in the register.php.
I also want to change the register slug. Because spam bots know bp register slug. We can get rid of a lot of them by simply change the register slug. But, how?
Well, I must agree with some guys here, that it really should register users out of the box.
Solution confirmed:
Mail From plugin allows to send the email to the user.
The next small issue is that gmail catches that email as spam…
You can go into the database and change user_status from 2 to 0.
On here or on your BuddyPress site? The only way I’ve been able to fix this is to go into database and remove the member. Then have them resign up.
This looks like just a WordPress site without any BuddyPress in it?
Or is this just spam?
Solved. I’m an idiot.
user_spam_remover Plugin was improperly configured.
As a side note: If you use buddypress for commenting, the User Spam Remover plugin won’t pick up on buddypress activity as being actual site activity – thus causing users to be mistaken as spam bots.
I have groups set up, but I had some people ask for their own “blog” though, which I’m a bit reluctant to do because of spam / server space issues. I thought if it was just a glorified activity stream thing it might be easier to keep under control.
Gravity forms sound interesting… have to look that up, although I don’t think it is what they are asking for… they want their own “home” on the site so to speak.
Same issue, new users going to spam status. How do I “un-spam” a user?
Probably mark as spammer, or request it over at Requests and Feedback
Mark him as a bozo, on the backend of bbPress, or a spammer on the ack end of WordPress. Oughta do it…
Would using some javascript to fill the value of a hidden field name signup_blog_path do the trick?
Or should I just remove the bp_core_signup function and replace it with my own?
Im also trying to fight spam and a recent change to my signup form has increased the number of spam signups. Is there a good solution for helping ensure a human is signing up to buddypress? Im also trying to evaluate whether the vulnerability is from buddypress or my theme. How could I tell?
To give you the entire picture of what happens when you register, or do anything else, go to Buddypress Test Drive. http://testbp.org.
Register, and you an experience everything it says and does for your site.
On the email subject, Buddypress email are actually wired around WordPress emails. In the very most likely case, the email is at a snails pace, and either ends up at the spam folder, or just takes along time to receive. This pace on which the emails get received will fluctuate, depending on the activity on the site. My emails on my site take a couple minutes to receive, Only because I am on my on server, there is nothing you can really do to speed up the emails, because you are on a host server, multiple servers. Emails taking 20-30 minutes is actually pretty good, compared to most, like on bluehost, which can take up to an hour and a half! 
@hnla I know that there will be a segment of the population who will be prevented from joining because I am blocking IP addresses. But, I want/need these prevented in the first place and I do not understand why this is not addressed in the core and has to be something I must “hunt through the forum threads to reducing spam signups”. Its not like this is an unknown issue.
Besides, I HAVE searched for “reduce spambots” “reduce fake sign ups” “Reduce and reducing spam sign ups” with zero results.
You should take care adding bans on IP’s it’s a little frowned on and can affect legitimate users, Most spammers will be spoofing their addresses they don’t want to be tracked so adding these IPs is likely not really doing much.
There are plenty of tips and tricks if you hunt through the forum threads to reducing spam signups.
What I have to ask is “Why?” and “How?” are these spambots accessing and creating users? I have one site that uses WP multisite with BP and there’s a great plugin “BP Registration Options” that works well enough to grab and display all new member requests and displays IP addresses; which I then add to WP-Ban. Its taken a month but I am now down to a dozen or so spambot signups per day.
Now, I have another WP/BP site that is NOT multisite and “BP Registration Options” does not work the same. BUT I copy the IP addresses from the one and paste it into the “WP Ban” of this site. However, I am still 100+ spambot signups per day. So, I have a plugin “Pending Activations” (which doesn’t work in multisite) but this plugin does not display the IP address of the offending spambot signups. Thus, my battle with the signups continues …
So … How are the spambots signing up? Why does the registration form not have CAPTCHA? and how can we stop them from signing up?
Don’t doubt there isn’t one common string to latch onto you’ll probably have to run a few sorts, going to be agony whatever method one takes really, you could try .info that may take care of quite a few?
Thanks hnla
I did look at phpMyAdmin but there’s nothing in common like that (they’re not all .info addresses) – except the string of numbers on the end of the usernames. but as they’re on the end I can’t sort like that…?!
Sounds like time to get stuck into phpMyAdmin and use it’s search to try and locate just emails ending in .info or similar spammy email addies and delete the rows directly in the DB, might be some genuine ones but probably less than in WP backend which has no sort capability
